Wikipedia Investigates DDoS Attack

The Wikimedia Foundation, which oversees the popular online encyclopedia, is investigating a distributed denial-of-service attack that temporarily blocked access to several of its regional sites over the weekend in parts of Europe as well as the Middle East.

In a statement, the foundation said that by Monday, access to all of the Wikipedia sites affected by the DDoS attack had been restored, and the not-for-profit organization was continuing to restore its infrastructure as well as investigate the cause of the attack.

The attack, which started sometime on Friday, affected several Wikipedia sites in Europe - including Poland, France, Germany and Italy - as well as parts of the Middle East, including Israel, according to downdetector.com. Wikipedia remains one of the world's most popular websites, ranking in the Top 10, according to an analysis by Amazon Alexa.

"As one of the world's most popular sites, Wikipedia sometimes attracts 'bad faith' actors," the Wikimedia Foundation says in its statement. "We condemn these sorts of attacks. They're not just about taking Wikipedia offline. Takedown attacks threaten everyone's fundamental rights to freely access and share information. We in the Wikimedia movement and foundation are committed to protecting these rights for everyone."

On Friday night, the official Twitter account for Wikipedia in Germany tweeted about the attack, noting the online encyclopedia's servers had been hit by a "massive and very broad DDoS attack."

Claiming Responsibility

It's not clear where the attack against Wikipedia sites started, although at least one person claimed responsibility.

A Twitter user who goes by the handle "UkDrillas" claimed responsibility for the attack, according to a report in the Israeli publication Haaretz. In a series of tweets, the user laid out a timeline of his attacks. In a later tweet, he claimed he was only "testing some new IoT devices." After that, however, the user's Twitter account was blocked on Saturday night, according to Haaretz.com.

In its statement, the Wikimedia Foundation did not specify who may have been behind the attack, and a spokesperson declined to discuss the issue further on Monday.

Terry Ray, a senior vice president and CTO at security firm Imperva, tells Information Security Media Group that since the motives behind these various DDoS attacks vary, security leaders need to ask themselves what the cost of preventing an attack is versus the long-term damage to a company's image or brand that could result if the issue is not resolved quickly enough.

"The reason DDoS attacks are successful are simply because DDoS isn't always perceived as a cybersecurity issue," Ray says. "Consider that DDoS doesn't actually steal anything itself, beyond slowing or stopping businesses in some cases. DDoS is more of an uptime and reliability factor for businesses. Companies have to ask themselves what the cost is for downtime and media attention for these types of attacks - is the cost of mitigation worth the cost of downtime and brand? It's a simple equation and one most businesses have already done. Wikipedia likely determined the cost of protection was more than the cost of DDoS business impact."

DDoS Attacks Increasing

While individual Wikipedia pages have previously been defaced and some countries have blocked access to the sites, this weekend's incidents may be the first time that the online encyclopedia has sustained a large-scale DDoS attack, Haaretz reports.

Those who wage DDoS attacks against websites and internet service providers sometimes attempt to use these incidents to make a profit. For example, earlier this year, a British man pleaded guilty and was sentenced to prison following an attack in the West African country of Liberia. He claims he was paid $100,000 by a rival internet service provider to conduct the attack (see: UK Sentences Man for Mirai DDoS Attacks Against Liberia).

Meanwhile, a defendant who prosecutors say helped co-create the notorious Satori botnet pleaded guilty earlier this month to computer crime charges. Kenneth Currin Schuchman admitted that he and others attempted to rent out various botnets for DDoS attacks that others could use (see: Satori Botnet Co-Creator Pleads Guilty).

After a decrease in DDoS attacks in 2018, the numbers have increased during the first part of this year, according to a Kaspersky report. The total number of attacks climbed by 84 percent in the first quarter of 2019 compared to the fourth quarter of 2018, Kaspersky says. In addition, the number of attacks that lasted more than 60 minutes doubled quarter-over-quarter.

Kaspersky researchers attributed the fall in DDoS attack numbers at the end of 2018 to a market vacuum in botnet distribution. The researchers say the supply deficit was linked to the clamping down on DDoS attacks, the closure of sites selling related services and the arrest of some major players over the past year.

"Now it seems the vacuum is being filled: Such explosive growth in the indicators is almost certainly due to the appearance of new suppliers and clients of DDoS services," the Kaspersky report states.

About the Author

Venkat is a special correspondent for Information Security Media Group's global news desk. She has previously worked at IDG, Business Standard, Bangalore Mirror and The New Indian Express, where she reported on developments in technology, businesses, startups, fintech, e-commerce, cybersecurity, civic news and education.
